Solved

Win32/Exploit.MSWord.Smtag trojan

Posted on 2008-06-25
4
1,449 Views
Last Modified: 2013-11-22
A large MS Word (Office 2003, SP 3) document that I work on regularly appears to have been infected with a trojan this morning.  I'm running ESET / NOD32 (v3217 (20080625)).  This was the NOD32 warning:

Time      Module      Object      Name      Threat      Action      User      Information
6/25/2008 9:48:59 AM      AMON      file      <full path> a variant of Win32/Exploit.MSWord.Smtag trojan <machine name>\jdana      Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

NOD32 was unable to clean the file.  The error message simply reads, "Unable to clean."

Here's the interesting twist: The file was reported infected after the 3217 update.  The 3218 update arrived minutes ago, and suddenly NOD32 reports the file is clean.  Was I looking at a "false positive" from NOD32?   Is there an online tool I can use to verify the file is, in fact, clean?
0
Comment
Question by:jdana
4 Comments
 
LVL 20

Accepted Solution

by:
IndiGenus earned 168 total points
ID: 21867554
Yes sounds like it was a false positive. To make sure you could upload the file to one of the online scanners. It will be scanned by almost every engine out there....

Go to http://virusscan.jotti.org, click on Browse, and upload the file for analysis:

If Jotti is too busy you can try these.

http://www.kaspersky.com/scanforvirus.html
http://www.virustotal.com/en/indexf.html
0
 

Assisted Solution

by:vbuckjr
vbuckjr earned 166 total points
ID: 21868126
This is a false positive they had a bad signature file go out in 3217 have corrected it with the 3218 update, you can follow this link to a discussion of this problem.

http://www.wilderssecurity.com/showthread.php?p=1268309



0
 

Assisted Solution

by:Bene007
Bene007 earned 166 total points
ID: 21875092
The proposal is quite correct.
I installed on the 25 of june, the version 3218 (now it is still 3221!) and i get no more false positive !
But, I have to tell you that the 25 opf june the option scan and clean 've deleted some old Word Files !
The option in the action tab doesn't explain that.
Benedicte
0
 

Author Closing Comment

by:jdana
ID: 31470655
Sure enough, the "shadow" trojan vanished with the update.  Thanks for the assistance.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Change your password...do it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now